This invention relates to the field of computer systems. More particularly, a system and methods are provided for restricting data access from electronic documents, in order to prevent unauthorized sharing of data.
Electronic documents come in many forms, and may contain various types of content, including text, data, graphics, video, sound and so on. Electronic document contents may therefore be static or dynamic, and may include other documents or even executable code such as an application, an applet, a script, etc.
Because documents and document contents are no longer static and passive, they can be configured to access other documents or data resources. For example, a script or applet embedded in one document may, when the document is opened, automatically retrieve data from another document, a database, a web server or some other external resource, and/or send data to an external resource.
However, this ability to share or distribute data through a document gives rise to security and privacy concerns. For example, a document opened within an organization's internal network could be configured (e.g., with a script or applet) to send sensitive information to an entity (e.g., web server) outside the network. Or, the document could be configured to import a virus or other undesirable data from an external location. Typically, documents and applications that manipulate documents are not configured to monitor data accesses involving data sources or resources external to the documents.
Therefore, there is a need for a system and a method of restricting the ability of a document, or a component of a document, to access undesirable data or undesirable data sources or resources.